Jump to content

Archived

This topic is now archived and is closed to further replies.

master82

Check session id to log in

Recommended Posts

In my database I have a table called active - [userid, sessionid, ip, started, expire].

When a user logs in a session is created, its id recorded with user id, ip, the time it was created and an expiry time (I dont place any values into the session itself).

I have a script that deletes expired sessions from the table but need to make another script that I can use as an include on all my web page to do the following:
[list][*]check the session id[*]see if it exists in the active table[*]- - - if so, update/replace started (to time()) and update expire (time()+900)[*]- - - If not, redirect to login page (login.php)[/list]
Its basically a script to see if the user has already logged on in the last 15 mins.

Heres my really bad attempt...

[code]
<?php
include("connect.php");
session_start();

$sessionid = session_id();

$sql = "SELECT userid FROM active WHERE sessionid = '$sessionid'";
$result = mysql_query($sql,$conn) or die("No session matched");
if (mysql_num_rows($result) == 1) {
$userid = mysql_result($result, 0, 'userid');

$log = time();
$expire = $log + 900;
$ip = $_SERVER['REMOTE_ADDR'];

$Sql = "REPLACE INTO active (userid, sessionid, ip, logged, expire) VALUES ('$userid', '$sessionid', '$ip', '$log','$expire') WHERE sessionid = '$sessionid'";
$results = mysql_query($sql,$conn) or die("Unable to replace");
}
else
{
header("Location: login.php");
}
?>
[/code]

Anyone able to create this script or point me in the right direction?

Share this post


Link to post
Share on other sites
sure this is what i use:

[code]
<?
clean_sessions (); // your function for cleaning expired sessions

if (mysql_result (mysql_query ("SELECT `ip` FROM `active` WHERE `sessionid` = '$session_id'"), 0) == $_SERVER['REMOTE_ADDR'])
{
    mysql_query ("UPDATE `active` SET `expire` = '".time()."' + 900 WHERE `sessionid` = '$session_id'");
    echo "yay";
}
else
{
    header ("location: /login.php");
}
?>
[/code]

remember the deletion function already removed the expired functions so you don't need to check if it is expired again.

Share this post


Link to post
Share on other sites
I've done that, but now I get this at the top of each page:

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 7 in Drive:\something\something\something\something\something\session.php on line 6

Warning: Cannot modify header information - headers already sent by (output started at Drive:\something\something\something\something\something\session.php:6) in Drive:\something\something\something\something\something\session.php on line 12

Any idea what the problem is?

Share this post


Link to post
Share on other sites
these are guidelines, you want to make sure the $ are correct as well as matching db fields. you can also do this

more valid
[code]
$sql = "SELECT `ip` FROM `active` WHERE `sessionid` = '$session_id'";
if (mysql_query ($sql) && mysql_result (mysql_query ($sql), 0) == $_SERVER['REMOTE_ADDR'])
{
    mysql_query ("UPDATE `active` SET `expire` = '".time()."' + 900 WHERE `sessionid` = '$session_id'");
    echo "yay";
}
else
{
    header ("location: /login.php");
}
[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.